"New Methods Could Improve Security Of Two-Factor Authentication Systems"

A team of researchers at Texas A&M University has designed new easy-to-use methods to counter vulnerabilities in push notification-based two-factor authentication (2FA) systems. Many online services have implemented push notification-based 2FA systems, which require users to approve login attempts through a mobile device. Current authentication systems, especially those using the tap-to-approve approach, do not have an explicit link that shows correspondence between the user's browser session and the notification they receive on their device. This is a vulnerability that attackers can exploit. The mechanisms designed by the team have similar usability to the original push notification-based authentication method, but they provide security against concurrent login attacks. If a user receives two notifications, the notification that corresponds to the attacker's browser session will be different, so the user should be able to detect that something is strange and not accept the wrong notification. One of the main advantages of push notification-based authentication systems is that they offer a simple way to authenticate login attempts without making users remember and manage complex passwords for their accounts. This article continues to discuss the security risks associated with push notification-based authentication systems and the new mechanisms developed by Texas A&M researchers to combat the vulnerabilities in these systems.

Texas A&M Today reports "New Methods Could Improve Security Of Two-Factor Authentication Systems"

Submitted by Anonymous on